What are the BSI-Standards and the IT-Grundschutz-Kompendium, and how do they fit together?
The BSI-Standards (200-1 / 200-2 / 200-3 / 100-4) describe the methodology of an ISMS and IT-Grundschutz. The Kompendium is the content library: 80+ Bausteine (building blocks), each with threats and concrete safeguards.
* Split of labour: the 200-x standards give the method; the Kompendium supplies the actual controls (Bausteine). *
| BSI-Standard | Topic |
|---|---|
| 200-1 | Management systems for information security (ISMS) |
| 200-2 | IT-Grundschutz methodology |
| 200-3 | Risk analysis based on IT-Grundschutz |
| 100-4 | Notfallmanagement (emergency / business continuity) |
The IT-Grundschutz-Kompendium structure:
| Kapitel | Content |
|---|---|
| Kapitel 1 | Vorspann (intro) |
| Kapitel 2 | Schichtenmodell und Modellierung |
| Elementare Gefährdungen (47 generic threats) | |
| Process-Bausteine: ISMS, ORP, CON, OPS, DER | |
| System-Bausteine: IND, APP, SYS, NET, INF |
The Kompendium shrank from 4000+ pages to 816 pages by consolidating implementation guidance into Bausteine.
Tip: Don't read the Kompendium cover-to-cover. The right way is: pick the Bausteine that match your environment (e.g., NET.1.1 Netzarchitektur, APP.5.3 E-Mail-Server), and use those as your control roadmap.
Go deeper:
BSI-Standards 200-1/200-2/200-3/200-4 (official, DE) — the methodology standards, each summarised on the source page.
IT-Grundschutz-Kompendium (official, DE) — the content library of 80+ Bausteine (building blocks) and its ten layers.